API Integrations
  • 02 Aug 2023

Mechanics

Functionally, API-based lookups operate exactly the same as using the normal lookup operator, with one addition: metadata_rules. The rule will pass a value to the lookup, wait for a response, and then evaluate the response using metadata_rules.

The operators within metadata_rules are evaluated exactly the same as any other rule, except they additionally evaluate the lookup's response. The response actions will only run if the metadata_rules criteria are met.
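
A D&R rule showing where metadata_rules sits relative to the lookup, as an added example (not taken from this page). It assumes a subscribed VirusTotal integration exposed as the lookup resource hive://lookup/vt, whose response has one entry per engine that flagged the hash; the report name is hypothetical.

```yaml
# Added example. Assumptions: resource name hive://lookup/vt and the
# response shape (one entry per engine that flagged the hash).
detect:
  event: CODE_IDENTITY
  op: lookup
  path: event/HASH             # value passed to the lookup
  resource: hive://lookup/vt   # API-based lookup (assumed resource name)
  metadata_rules:              # evaluated against the lookup's response
    op: is greater than
    value: 1
    path: /                    # root of the response
    length of: true            # compare the number of entries, not their content
respond:
  # Runs only if the metadata_rules criteria above are met.
  - action: report
    name: hash-flagged-by-multiple-engines   # hypothetical detection name
```

With this rule, a hash that the lookup returns with zero or one flagged entries does not trigger the report action, because the metadata_rules criteria are not met.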

Configuration

When subscribed, API keys can be managed within the Integrations menu, available under Organization Settings in the web app.

Users who wish to view and/or edit API keys will need to have the following permissions:

  • org.conf.get
  • org.conf.set

Available Lookups

LimaCharlie offers multiple API lookups for telemetry and D&R rule enrichment, allowing you to make higher-fidelity detections that rely on API-based metadata. Don't see an integration that you want? Let us know!

API Limits

Note that API keys often have limits associated with them. If you run out of quota on your API keys, LimaCharlie will often cease lookups until the timeout has passed or the quota period has been reinstated.

